WinInfo Daily Update, July 6, 2006: WGA Garners More Attention, All of It Bad

WGA Garners More Attention All of It Bad

While Microsoft continues to both defend and roll out its spyware like Windows Genuine Advantage (WGA) service around the world the company is facing two WGA related threats. First, security researchers have identified a software worm that disguises itself as WGA. Second, a new class action lawsuit was filed against Microsoft late last week alleging that WGA is spyware and that Microsoft is misleading consumers about the technology.

WGA is a downloadable software service that Microsoft makes available via Windows Update and Automatic Updates. The service is divided into two components: WGA Validation, which checks to ensure that your PC isn't running a pirated version of Windows XP, and WGA Notifications, which is the piece that has raised privacy and security concerns. WGA Notifications was designed to display annoying pop up alerts to users who are running pirated versions of Windows. But the software was also secretly phoning home to Microsoft servers every time an XP system rebooted. And Microsoft had made WGA a critical security update on Windows Update and Automatic Updates, despite the fact that it was until recently in beta. That means millions of users inadvertently downloaded unfinished Microsoft code to their PCs without understanding what they were doing and how the software behaved.

Since owning up to the software's clandestine behavior Microsoft changed WGA Notifications so that it doesn't phone home on every system reboot. But the company also took WGA out of beta and began rolling out the service automatically to Windows users worldwide. Last week a class action lawsuit was filed in the state of Washington alleging that Microsoft was violating California and Washington consumer protection laws. Unfortunately for Microsoft, that was only the start of its WGA related problems.

This week security researchers at Sophos identified a worm called Cuebot K that disguises itself as WGA and is spreading via AOL's Instant Messenger network. The worm identifies itself as wgavn and Windows Genuine Advantage Validation Notification and is installed to run each time the system boots. If the user tries to disable the worm he or she is warned that doing so could result in system instability. Behind the scenes, Cuebot K disables the Windows firewall and opens a back door from which hackers could remotely control the PC steal personal information or launch. Distributed Denial of Service (DDOS) attacks.

But wait, there's more. A group of companies and individuals has filed a second class action lawsuit against Microsoft for delivering spyware to consumers in the guise of WGA and deceiving consumers about its intentions. The suit complains that WGA secretly communicates with Microsoft's servers and gathers data that can easily identify individual PCs contrary to Microsoft's assertions.

Microsoft says the suit is without merit.

"This distorts the real objectives of the WGA program and obscures the real issue which is the harm to consumers posed by software piracy," a Microsoft spokesperson said. "As with all of our programs we've gotten constructive customer feedback, the program has evolved and we've made improvements. Microsoft continues its efforts to foster better communications with its customers."